Adobe grapples with new Reader, Acrobat zero-day

By on
Adobe grapples with new Reader, Acrobat zero-day

"David Leadbetter's One Point Lesson" used as subject line.

Adobe has confirmed a dangerous vulnerability affecting the latest versions of Reader and Acrobat.

The unpatched flaw, which is being leveraged in active attacks, could be targeted to crash a user's machine or take complete control of it, according to an advisory. The bug affects Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX and Acrobat 9.3.4 and earlier versions for Windows and Mac.

The issue first was reported by researcher Mila Parkour, who runs the Contagio Malware Dump blog. She discovered the flaw through a phishing email that contained a malicious PDF attachment, Parkour wrote.

The subject of the bogus message read "David Leadbetter's One Point Lesson", and the body tried to convince recipients into opening the malicious PDF to receive tips from the well-known golf instructor.

Writing on the SANS Internet Storm Center blog, incident handler John Bambenek said a number of anti-virus products have caught the exploit because the PDF looks suspicious. And if it does get through to inboxes, users should be able to act before their machines get infected, he said.

"The exploit in the wild I'm aware of causes a crash in Acrobat/Reader and then tries to open a decoy file," Bambenek wrote. "So the good news is that, as of right now, it's a 'loud' exploit.'"

Vulnerability tracking firm Secunia graded the flaw "extremely critical" — its most severe rating —  and said it is "caused due to a boundary error within the font parsing of CoolType.dll and can be exploited to cause a stack-based buffer overflow."

CoolType.dll is a component of Adobe CoolType, a font-rendering technology.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?